BIND 9.4.x vs 9.6.x - pid-file check and creation

Jan Arild Lindstrøm jal at telenor.net
Mon Jan 26 07:59:42 UTC 2009


Hi,

just to clarify that Solaris really is different from Linux:

        ns12(root) / 503# su - named
        Sun Microsystems Inc.   SunOS 5.10      Generic January 2005
        -bash-3.00$ ls -la /var/run/named/
        total 80
        drwxr-s---   4 named    named        307 Jan 26 08:22 .
        drwxr-xr-x   7 root     sys         1285 Jan 26 00:52 ..
        -rw-r--r--   1 named    named          6 Jan 26 06:41 named.pid
        -bash-3.00$ mkdir /var/run/named
        mkdir: Failed to make directory "/var/run/named"; Permission denied

        dns-nms(root) ~ 1003# su - named
        -bash-3.1$ uname -sr
        Linux 2.6.18-53.1.13.el5
        (reverse-i-search)`': 
        -bash-3.1$ ls -la /var/run/named/
        total 20
        drwxr-s---  3 named named 4096 Jan 26 08:48 .
        drwxr-sr-x 24 root  root    4096 Jan 26 08:22 ..
        -rw-r--r--  1 named named    6 Jan 26 08:48 named.pid
        -bash-3.1$ mkdir /var/run/named
        mkdir: cannot create directory `/var/run/named': File exists

That is, when the directory exists and is fully writable on Solaris 10, you still get
"Permission denied", while on Linux you get "File exists". 

I'd say Solaris 10 first checks if the user has permissions to create the directory 
before it checks if it exists.

So I would say the code for creating the pid-file has been changed between 9.4.3 
and 9.6.0-P1, and that a bug has been introduced on Solaris.

?

Regards
Jan Arild Lindstrøm



At 08:42 26/01/2009, Jan Arild Lindstrøm wrote:

>Hi,
>
>I was going to upgrade from BIND 9.4.3 to BIND 9.6.0-P1, but ran into a 
>strange "bug" in BIND 9.6.0-P1.
>
>Exact same config for 9.4.3 and 9.6.0-P1, only added "new" to files that 
>are written to (namednew.log, confignew.log and namednew.pid).
>
>OS: Solaris 10.
>
>Using:
>        pid-file "/var/run/named/namednew.pid";
>
>... results in the following:
>
>namednew.log:
>26-Jan-2009 08:14:22.723 general: couldn't mkdir /var/run/named/namednew.pid': Permission denied
>26-Jan-2009 08:14:22.728 general: exiting (due to early fatal error)
>
>BIND 9.6.0-P1 truss.out:
>--CUT--
>25123/65:       stat("/dev/urandom", 0xFFFFFFFF79D0FA00)        = 0
>25123/65:       open("/dev/urandom", O_RDONLY|O_NONBLOCK)       = 9
>25123/65:       fcntl(9, F_GETFL)                               = 8320
>25123/65:       fcntl(9, F_SETFL, FOFFMAX|FNONBLOCK)            = 0
>25123/65:       setgid(21)                                      = 0
>25123/65:       setuid(21)                                      = 0
>25123/65:       access(".", W_OK)                               = 0
>25123/65:       open("/var/log/namednew.log", O_WRONLY|O_APPEND|O_CREAT, 0666) = 10
>25123/65:       lseek(10, 0, SEEK_END)                          = 332
>25123/65:       close(10)                                       = 0
>25123/65:       open("/var/log/confignew.log", O_WRONLY|O_APPEND|O_CREAT, 0666) = 10
>25123/65:       lseek(10, 0, SEEK_END)                          = 0
>25123/65:       close(10)                                       = 0
>25123/65:       mkdir("/var/run/named", 0755)                   Err#13 EACCES [ALL]
>25123/65:       stat("/var/log/namednew.log", 0xFFFFFFFF79D0F3C0) = 0
>25123/65:       open("/var/log/namednew.log", O_WRONLY|O_APPEND|O_CREAT, 0666) = 10
>25123/65:       lseek(10, 0, SEEK_END)                          = 332
>25123/65:       fstat(10, 0xFFFFFFFF79D0E540)                   = 0
>25123/65:       fstat(10, 0xFFFFFFFF79D0E410)                   = 0
>25123/65:       ioctl(10, TCGETA, 0xFFFFFFFF79D0E47C)           Err#25 ENOTTY
>25123/65:       write(10, 0x10502E754, 97)                      = 97
>25123/65:          2 6 - J a n - 2 0 0 9   0 8 : 1 4 : 2 2 . 7 2 3   g e n e r a l
>25123/65:          :   c o u l d n ' t   m k d i r   / v a r / r u n / n a m e d /
>25123/65:          n a m e d n e w . p i d ' :   P e r m i s s i o n   d e n i e d
>25123/65:         \n
>25123/65:       write(10, 0x10502E754, 69)                      = 69
>25123/65:          2 6 - J a n - 2 0 0 9   0 8 : 1 4 : 2 2 . 7 2 8   g e n e r a l
>25123/65:          :   e x i t i n g   ( d u e   t o   e a r l y   f a t a l   e r
>25123/65:          r o r )\n
>25123/65:       _exit(1)
>
>It fails because it tries to just create the /var/run/named directory instead
>of checking if the directory exists and if it can write to it. 
>
>ns12(root) named 515# ls -la /var/run/named
>total 40
>drwxr-s---    4 named    named         307 Jan 26 06:51 ./
>drwxr-xr-x    7 root     sys          1285 Jan 26 00:52 ../
>-rw-r--r--    1 named    named           6 Jan 26 06:41 named.pid
>
>So /var/run/named exists and is fully writable by user named.
>
>User "named" should of course not be able to create directories below
>"/var/run". Especially since many other things on Solaris 10 use that
>directory also.
>
>
>If I use:
>        pid-file "/var/run/named/named/namednew.pid";
>
>... everything works fine, since it now can run mkdir without getting "EACCES". 
>Instead it gets "EEXIST" and is OK with that.
>
>BIND 9.6.0-P1 truss.out:
>--CUT--
>25404/65:       stat("/dev/urandom", 0xFFFFFFFF79D0FA00)        = 0
>25404/65:       open("/dev/urandom", O_RDONLY|O_NONBLOCK)       = 9
>25404/65:       fcntl(9, F_GETFL)                               = 8320
>25404/65:       fcntl(9, F_SETFL, FOFFMAX|FNONBLOCK)            = 0
>25404/65:       setgid(21)                                      = 0
>25404/65:       setuid(21)                                      = 0
>25404/65:       access(".", W_OK)                               = 0
>25404/65:       open("/var/log/namednew.log", O_WRONLY|O_APPEND|O_CREAT, 0666) = 10
>25404/65:       lseek(10, 0, SEEK_END)                          = 498
>25404/65:       close(10)                                       = 0
>25404/65:       open("/var/log/confignew.log", O_WRONLY|O_APPEND|O_CREAT, 0666) = 10
>25404/65:       lseek(10, 0, SEEK_END)                          = 0
>25404/65:       close(10)                                       = 0
>25404/65:       mkdir("/var/run/named/named", 0755)             Err#17 EEXIST
>25404/65:       stat("/var/run/named/named/namednew.pid", 0xFFFFFFFF79D0F980) Err#2 ENOENT
>25404/65:       unlink("/var/run/named/named/namednew.pid")     Err#2 ENOENT
>25404/65:       open("/var/run/named/named/namednew.pid", O_WRONLY|O_CREAT|O_EXCL, 0644) = 10
>25404/65:       fcntl(10, F_GETFD, 0x000001A4)                  = 0
>25404/65:       getpid()                                        = 25404 [25403]
>25404/65:       fstat(10, 0xFFFFFFFF79D0E9D0)                   = 0
>25404/65:       fstat(10, 0xFFFFFFFF79D0E8A0)                   = 0
>25404/65:       ioctl(10, TCGETA, 0xFFFFFFFF79D0E90C)           Err#25 ENOTTY
>25404/65:       write(10, " 2 5 4 0 4\n", 6)                    = 6
>25404/65:       close(10)                                       = 0
>--CUT--
>
>
>Trussing 9.4.3 I see that it does it differently:
>
>--CUT--
>25730/10:       access(".", W_OK)                               = 0
>25730/10:       open("/var/log/namednew.log", O_WRONLY|O_APPEND|O_CREAT, 0666) = 10
>25730/10:       lseek(10, 0, SEEK_END)                          = 2625
>25730/10:       close(10)                                       = 0
>25730/10:       open("/var/log/confignew.log", O_WRONLY|O_APPEND|O_CREAT, 0666) = 10
>25730/10:       lseek(10, 0, SEEK_END)                          = 0
>25730/10:       close(10)                                       = 0
>25730/10:       stat("/var/run/named/namednew.pid", 0xFFFFFFFF7D90F660) Err#2 ENOENT
>25730/10:       unlink("/var/run/named/namednew.pid")           Err#2 ENOENT
>25730/10:       open("/var/run/named/namednew.pid", O_WRONLY|O_CREAT|O_EXCL, 0644) = 10
>25730/10:       fcntl(10, F_GETFD, 0x000001A4)                  = 0
>25730/10:       getpid()                                        = 25730 [25729]
>25730/10:       fstat(10, 0xFFFFFFFF7D90E6B0)                   = 0
>25730/10:       fstat(10, 0xFFFFFFFF7D90E580)                   = 0
>25730/10:       ioctl(10, TCGETA, 0xFFFFFFFF7D90E5EC)           Err#25 ENOTTY
>25730/10:       write(10, " 2 5 7 3 0\n", 6)                    = 6
>--CUT--
>
>
>It seems that someone has "shorted" the code to create and/or check the pid-file.
>
>Maybe that "shortcut" will work on Linux, but it for sure does not work on Solaris 10.
>
>Having to use .../named/named/... in the pid-file option is of course possible, but I 
>guess that it is not the way it is supposed to be...(?)...
>
>Help? Ideas?
>
>Regards
>Jan Arild Lindstrøm
>
>_______________________________________________
>bind-users mailing list
>bind-users at lists.isc.org
>https://lists.isc.org/mailman/listinfo/bind-users
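
The errno difference shown in the two sessions above (EACCES on Solaris 10, EEXIST on Linux, for the same existing directory) can be handled portably by treating either result as "check whether the directory is already there and usable". This is an added example, not BIND's code and not part of the original post; `ensure_dir` and `ensure_pidfile_dir` are hypothetical helper names.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: make sure `dir` exists and is usable by the caller.
 * Returns 0 on success, -1 with errno set on failure. */
int ensure_dir(const char *dir, mode_t mode)
{
    struct stat sb;
    int saved;

    if (mkdir(dir, mode) == 0)
        return 0;                       /* freshly created */
    saved = errno;
    /* An existing directory yields EEXIST on Linux, but EACCES on
     * Solaris 10 when the parent is not writable by the caller. */
    if (saved != EEXIST && saved != EACCES) {
        errno = saved;
        return -1;
    }
    if (stat(dir, &sb) != 0) {          /* really missing or unreachable */
        errno = saved;                  /* report the mkdir() error */
        return -1;
    }
    if (!S_ISDIR(sb.st_mode)) {
        errno = ENOTDIR;
        return -1;
    }
    /* access() uses the real uid/gid, which matches the effective ids
     * once the daemon has done setgid()/setuid() as in the traces. */
    return access(dir, W_OK | X_OK);
}

/* Hypothetical helper: ensure the parent directory of a pid-file path.
 * Only the last directory component is created, never the whole chain. */
int ensure_pidfile_dir(const char *pidfile, mode_t mode)
{
    char buf[1024];
    char *slash;
    int n = snprintf(buf, sizeof buf, "%s", pidfile);

    if (n < 0 || (size_t)n >= sizeof buf) {
        errno = ENAMETOOLONG;
        return -1;
    }
    slash = strrchr(buf, '/');
    if (slash == NULL || slash == buf)
        return 0;                       /* parent is cwd or "/" */
    *slash = '\0';
    return ensure_dir(buf, mode);
}
```

With this logic an unprivileged service account needs write access only to its own directory (here `/var/run/named`), not to `/var/run` itself.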



